I woke up and checked my e-mail today and received an e-mail from eLearnSecurity that I successfully obtained my eCPPT certification. This is pretty exciting for me it's my second certification this year, and there's still tons more to learn. My main thanks goes to Don for selecting me as one of the 3 people for May 2010's Giveaway
. It would be only fair for me to leave my personal review of the course.
Before I start, I'd like to say my review in a way similarly reflects Jason Haddix's review here
. I would just like to leave my overall experience in the course and compare and contrast it with Offensive-Security's Pentesting with BackTrack v3 course that I took earlier this year.
Upon getting my eLearnSecurity course login credentials, I immediately scanned over the 3 available sections (System Security, Network Security, and Web Application Security) and immediately my attention was drawn towards the Web Application Security module. This is the most hyped about section in the course and it did not fail to deliver. Silly of me to login and skip past the first two sections - I had personally been exposed to the material and more in the PWB course.
You have up to 120 days from when you enroll into the course to opt for the eCPPT certification, and you can start as early as 7 days being enrolled in it. I'm personally a full-time student, which made the allocated time excellent for me. My prime focus during the 120 days was to mainly focus on the web application security section. I spent most of my time going over the slides in this section a few times, some of the concepts introduced were new to me because PWB hadn't covered it in-depth like eLearnSecurity did. The positives I'd like to emphasize in this section were that the attacks were well explained and it gave good examples on Attack Vectors, I was just a tad displeased that the excellent SQL Injection video demo was on a MSSQL/ASP.NET site and not a MySQL/PHP site. I did appreciate this section showing us the attacks in different type of environments.
About 120 days in I scheduled my examination. After scheduling your exam, your given 30 days to do complete your pen-test and submit in a formal report regarding your findings. My issues regarding this process was the report. In PWB v3 I remember them issuing students report write-ups they could go off of when submitting reports but eLearnSecurity's looked as if they were wanting a more in-depth and formal report. This report consisted of an executive report, vulnerability report, and a remediation report. In the course panel, they offer you various templates you could make use of to include into your report, which I found very useful. Although they offered templates, a required report like this, which I hadn't done before scared me.
The examination itself consists of downloading a Virtual Machine with a Custom-Coded web-application on it. You (the person taking the exam), had to play the role of an attacker and find existing vulnerabilities within the given scope and report back your findings in a report. You weren't personally limited to using a Linux OS for the examination, which I thought gave the exam some options. The actual pen-test itself is pretty fun and feels realistic. I actually enjoyed being handed a real-world hands-on examination versus a written multiple choice examination, it made me feel like I was working at something. I liked being able to break a web-app and walk out of the course having actual hands-on experience doing it.
I initially started the challenge 10/12 and eventually turned in my report 11/10. A few weeks later, I received an e-mail from eLS telling me I needed to include proof of SQLi being present - which I hadn't found with my initial pen-test. Between school and homework, being able to complete the pen-test and do a report was very do-able, I hadn't just looked hard enough for the SQLi. I was given 7 days to find an available existence of this vulnerability in the custom web-app. Immediately I fired-up my VM and looked harder and eventually found it, updated my report with my new findings and sent it in for review.
Personally, I regret not looking harder and having to be told to locate it and send the report back, it made me feel like I had failed in a way.
Overall, the course is definitely geared toward the beginner. I personally, didn't walk through any of the slides and attachments throughout the course in the System and Network Security sections, but I would highly recommend doing it. In order to get the most out of this course, I'd say go through it from start to end and focus especially on the Web Application Security section.
I sort of feel stupid not looking into Mutillidae
or Damn Vulnerable Web App
prior to taking the examination. These alone would of made me feel perfectly prepared. I highly recommend people taking the course or plan on doing it, download these and pen-test them yourselves; doing so will make you feel especially ready for the exam. Being able to find vulnerabilities in the web application is only half of the battle, you'll also need to make a proficient report. This thread is very useful if your new to reporting http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5456.msg28488/topicseen,1/
. I sort of based my report off of how I went about doing my Pentesting with BackTrack one but changed it around based off of what was required and split it up into the required sections.
What I liked about the Penetration Tester Pro course was the examination proved your going to walk out of the course as a eCPPT having hands-on web application penetration testing experience. It wasn't an extremely advanced, needed an 0-day exploit to pass exam, but it was at a level that anyone who studied the material would be able to pass.
I've heard some folks complain about the prime source of communication regarding this course, but I personally had no issues. I e-mailed Armando on countless occasions and he responded back in a timely manner. I thought it was great they willingly put up a place for feedback
that students can come in and offer what they think needs to be done to improve the course, and also vote on ideas proposed by other students.
The Web Application Security section was put together well and it felt like it covered a broad range of attack vectors. I liked how they provided folks templates for the reports that we could use, this was excellent for people who are new to reporting.
Some areas for improvement in my opinion would be the videos. I thought a majority of them were simplistic and saw a lot of point-and-click tools - I suppose coming from the OffSec background, I'm used to seeing hacking illustrated utilizing a command-line environment. I would've liked to see more material in the Network Security section (mainly what Haddix mentioned). I think it would be great for eLS to get a lab environment in (VPN), or hold capture the flag contests so students wouldn't have to practice the excercises locally. I think it is about being put into an environment and given a target that makes students feel their getting more pay off for the labs. The labs are okay but I think there should be a more hands-on approach for demonstrating students understand the concepts, like how the student would have to demonstrate they had to of grasped the web app section to do the final exam. I think it would be great if eLS would switch up the final examination and make the student feel like the Systems Security and Network Security sections were mandatory in the course. Since the exam involved doing a web-application penetration test, my main interest was geared towards that particular module. I went throughout the course skipping some modules in previous sections.
I know eLearnSecurity a couple days ago just recently updated to version 1.1 in which a Social-Engineering module was added to the Network Security section and they improved some more areas as well. I even saw Armando asking students if he should make the content downloadable locally as oppose to just being available through the course website. I think these area both steps towards the right direction.
How does eLearnSecurity's Penetration Testing Pro stack up against Offensive-Security's Penetration Testing with BackTrack?
Being alumni in both now I could say both are good courses but they are completely different training options. Offensive-Security's PWB course seems to be like, "You paid for the material, heres your downloadable videos, lab guide containing exercises, there's over 50 machines spread out across 4 subnets that are just waiting to be hacked - goodluck and try harder, hope you can endure pain during the exam!", while eLearnSecuritys PTP seems to be like, "You paid for the material, here's access to the online-course containing interactive slides and video demonstrations on tool usage. You can follow the slides and download the attachments to complete labs and get the hands-on effect - be sure to get well acquainted with the Web Application Security section, you'll be attacking a Custom Web Application during the examination."
PWB is definitely for the more hardcore person who can endure pain, and just wants to get out there and go hack something. This course feels like nothing but a never ending Capture the Flag where your goal is to reach the network-secrets.txt file in order to unlock machines in your control panel. In PWB you pay for your allocated amount of lab time, as oppose with eLS's PTP - your given 120 days no matter what. ELearnSecurity seems to be a flexible option in my opinion if your a busy person. In PWB I initially paid for 60 days lab time access and I regretted everyday I didn't utilize my lab time - I even had to go back and pay for extra days just to feel comfortable enough with the material. In eLearnSecurity, it didn't come off at all that I was in a hurry to do the course.
Content wise, I think PWB delivers very nicely in other areas that ELS PTP doesn't. This could be because PWB is geared directly towards Network Penetration Testing and eLS PTP covered multiple domains of hacking. ELearnSecurity did have a more in-depth web application attack section than PWB. Walking into eLS PTP I scanned through the System and Network Security sections and went, "I've already been exposed to this stuff". Though PWB did go over some XSS, LFI/RFI and SQL Injection, it seemed eLearnSecurity's Web Application Security section went more in depth with it
Pentesting with BackTrack I would recommend for the more hardcore person who's comfortable within Linux, has been exposed to attack vectors and has hacked some stuff before but wants to get a more in-depth approach with tools and using BackTrack for what it's meant to be used for. eLearnSecurity's PTP I would definitely recommend for someone new to the scene, looking to get exposed to a beginner level amount of material in System and Network Security, and more of an in-depth look at Web App Security. eLearnSecurity I believe actually gives users 2 certification attempts.
I had a good time in the class and I'm happy to say I'm eCPPT certified.
I don't know if my review helped out much, sorry it was long and drawn out. If you guys have questions I could try to answer them